- Frank Hempel found out a bug and provided the fix:

  curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
  option. It only enabled the cookie engine in the destination handle if
  data->cookies is not NULL (where data is the source handle). In case of a
  newly initialized handle which just had the cookie support enabled by a
  curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
  still NULL because the setopt-call only appends the value to
  data->change.cookielist, hence duplicating this handle would not have the
  cookie engine switched on.

  We also concluded that the slist-functionality would be suitable for being
  put in its own module rather than simply hanging out in lib/sendf.c so I
  created lib/slist.[ch] for them.

1 files changed, 2 insertions, 1 deletions

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index d7cd170a2..c28844f9e 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -17,6 +17,7 @@ This release includes the following bugfixes:
  o NTLM authentication memory leak on SSPI enabled Windows builds
  o fixed the GnuTLS-using code to do correct return code checks
  o an alloc-related call in the OpenSSL-using code didn't check the return value
+ o curl_easy_duphandle() failed to duplicate cookies at times
 
 This release includes the following known bugs:
 
@@ -26,6 +27,6 @@ This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
  Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert,
- Andre Guibert de Bruet, Andreas Farber
+ Andre Guibert de Bruet, Andreas Farber, Frank Hempel
 
         Thanks! (and sorry if I forgot to mention someone)